Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'IgfxTrayPers' = '%WINDIR%\security\igfxprs.exe'
- %WINDIR%\security\smp.exe
- %WINDIR%\security\cms.cmd
- %WINDIR%\security\fntprnt.dll
- %WINDIR%\security\in.vbs
- ClassName: 'EDIT' WindowName: ''
- '<SYSTEM32>\wscript.exe' "%WINDIR%\security\in.vbs" "%WINDIR%\security\cms.cmd"
- '%WINDIR%\security\smp.exe' igfxprs.exe -z "Saturday 10/08/2009 2:12:34 PM"
- '%WINDIR%\security\smp.exe' %WINDIR%\security\fntprnt.dll -z "Saturday 11/01/2008 7:18:38 PM"
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\security\cms.cmd" "
- '<SYSTEM32>\ping.exe' -n 2 127.0.0.1
- '<SYSTEM32>\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "IgfxTrayPers" /t REG_SZ /F /D "%WINDIR%\security\igfxprs.exe"